packetfu 1.1.10 → 1.1.11
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +2 -0
- data/.gitignore +3 -0
- data/.travis.yml +8 -0
- data/CONTRIBUTING.md +47 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +1 -1
- data/README.rdoc +35 -30
- data/Rakefile +4 -4
- data/bench/octets.rb +9 -9
- data/examples/100kpackets.rb +12 -12
- data/examples/ackscan.rb +16 -16
- data/examples/arp.rb +35 -35
- data/examples/arphood.rb +36 -36
- data/examples/dissect_thinger.rb +6 -6
- data/examples/new-simple-stats.rb +23 -23
- data/examples/packetfu-shell.rb +25 -25
- data/examples/simple-sniffer.rb +9 -9
- data/examples/simple-stats.rb +23 -23
- data/examples/slammer.rb +3 -3
- data/gem-public_cert.pem +21 -0
- data/lib/packetfu.rb +149 -127
- data/lib/packetfu/capture.rb +169 -169
- data/lib/packetfu/config.rb +52 -52
- data/lib/packetfu/inject.rb +56 -56
- data/lib/packetfu/packet.rb +531 -528
- data/lib/packetfu/pcap.rb +579 -579
- data/lib/packetfu/protos/arp.rb +90 -90
- data/lib/packetfu/protos/arp/header.rb +158 -158
- data/lib/packetfu/protos/arp/mixin.rb +36 -36
- data/lib/packetfu/protos/eth.rb +44 -44
- data/lib/packetfu/protos/eth/header.rb +243 -243
- data/lib/packetfu/protos/eth/mixin.rb +3 -3
- data/lib/packetfu/protos/hsrp.rb +69 -69
- data/lib/packetfu/protos/hsrp/header.rb +107 -107
- data/lib/packetfu/protos/hsrp/mixin.rb +29 -29
- data/lib/packetfu/protos/icmp.rb +71 -71
- data/lib/packetfu/protos/icmp/header.rb +82 -82
- data/lib/packetfu/protos/icmp/mixin.rb +14 -14
- data/lib/packetfu/protos/invalid.rb +49 -49
- data/lib/packetfu/protos/ip.rb +69 -69
- data/lib/packetfu/protos/ip/header.rb +291 -291
- data/lib/packetfu/protos/ip/mixin.rb +40 -40
- data/lib/packetfu/protos/ipv6.rb +50 -50
- data/lib/packetfu/protos/ipv6/header.rb +188 -188
- data/lib/packetfu/protos/ipv6/mixin.rb +29 -29
- data/lib/packetfu/protos/tcp.rb +176 -176
- data/lib/packetfu/protos/tcp/ecn.rb +35 -35
- data/lib/packetfu/protos/tcp/flags.rb +74 -74
- data/lib/packetfu/protos/tcp/header.rb +268 -268
- data/lib/packetfu/protos/tcp/hlen.rb +32 -32
- data/lib/packetfu/protos/tcp/mixin.rb +46 -46
- data/lib/packetfu/protos/tcp/option.rb +321 -321
- data/lib/packetfu/protos/tcp/options.rb +95 -95
- data/lib/packetfu/protos/tcp/reserved.rb +35 -35
- data/lib/packetfu/protos/udp.rb +159 -123
- data/lib/packetfu/protos/udp/header.rb +91 -91
- data/lib/packetfu/protos/udp/mixin.rb +3 -3
- data/lib/packetfu/structfu.rb +280 -280
- data/lib/packetfu/utils.rb +292 -225
- data/lib/packetfu/version.rb +41 -41
- data/packetfu.gemspec +14 -3
- data/spec/arp_spec.rb +191 -0
- data/spec/eth_spec.rb +148 -0
- data/spec/icmp_spec.rb +97 -0
- data/spec/ip_spec.rb +78 -0
- data/spec/ipv6_spec.rb +81 -0
- data/spec/packet_spec.rb +61 -59
- data/spec/packet_subclasses_spec.rb +9 -10
- data/spec/packetfu_spec.rb +55 -62
- data/spec/sample3.pcap +0 -0
- data/spec/spec_helper.rb +44 -0
- data/spec/structfu_spec.rb +270 -271
- data/spec/tcp_spec.rb +76 -77
- data/spec/udp_spec.rb +32 -0
- data/spec/utils_spec.rb +95 -0
- data/test/all_tests.rb +14 -17
- data/test/func_lldp.rb +3 -3
- data/test/ptest.rb +2 -2
- data/test/test_capture.rb +45 -45
- data/test/test_eth.rb +70 -68
- data/test/test_hsrp.rb +9 -9
- data/test/test_inject.rb +18 -18
- data/test/test_invalid.rb +16 -16
- data/test/test_octets.rb +23 -21
- data/test/test_packet.rb +156 -154
- data/test/test_pcap.rb +172 -170
- data/test/test_structfu.rb +99 -97
- data/test/test_tcp.rb +322 -320
- data/test/test_udp.rb +78 -76
- metadata +108 -44
- metadata.gz.sig +2 -0
- data/spec/ethpacket_spec.rb +0 -74
- data/test/test_arp.rb +0 -135
- data/test/test_icmp.rb +0 -62
- data/test/test_ip.rb +0 -50
- data/test/test_ip6.rb +0 -68
data/test/test_eth.rb
CHANGED
@@ -1,4 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
|
+
# -*- coding: binary -*-
|
3
|
+
|
2
4
|
require 'test/unit'
|
3
5
|
$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
|
4
6
|
require 'packetfu'
|
@@ -6,85 +8,85 @@ puts "Testing #{PacketFu.version}: #{$0}"
|
|
6
8
|
|
7
9
|
class EthTest < Test::Unit::TestCase
|
8
10
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
11
|
+
def test_ethmac
|
12
|
+
dst = "\x00\x03\x2f\x1a\x74\xde"
|
13
|
+
e = PacketFu::EthMac.new
|
14
|
+
e.read dst
|
15
|
+
assert_equal(dst, e.to_s)
|
16
|
+
assert_equal(0x32f, e.oui.oui)
|
17
|
+
assert_equal("\x1a\x74\xde", e.nic.to_s)
|
18
|
+
assert_equal(222, e.nic.n2)
|
19
|
+
end
|
18
20
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
21
|
+
def test_ethmac_ipad
|
22
|
+
dst = "\x7c\x6d\x62\x01\x02\x03"
|
23
|
+
e = PacketFu::EthMac.new
|
24
|
+
e.read dst
|
25
|
+
assert_equal(dst, e.to_s)
|
26
|
+
assert_equal(0x6d62, e.oui.oui)
|
27
|
+
end
|
26
28
|
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
29
|
+
def test_ethmac_class
|
30
|
+
src = "\x00\x1b\x11\x51\xb7\xce"
|
31
|
+
e = PacketFu::EthMac.new
|
32
|
+
e.read src
|
33
|
+
assert_instance_of(PacketFu::EthMac, e)
|
34
|
+
end
|
33
35
|
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
36
|
+
def test_eth
|
37
|
+
header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
|
38
|
+
src = "\x00\x1b\x11\x51\xb7\xce"
|
39
|
+
dst = "\x00\x03\x2f\x1a\x74\xde"
|
40
|
+
e = PacketFu::EthHeader.new
|
41
|
+
e.eth_dst = dst
|
42
|
+
e.eth_src = src
|
43
|
+
e.eth_proto = "\x08\x00"
|
44
|
+
assert_equal(header, e.to_s)
|
45
|
+
assert_equal(header, PacketFu::EthHeader.new.read(header).to_s)
|
46
|
+
end
|
45
47
|
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
48
|
+
def test_macaddr
|
49
|
+
dst = "\x00\x03\x2f\x1a\x74\xde"
|
50
|
+
dstmac = "00:03:2f:1a:74:de"
|
51
|
+
assert_equal(dstmac,PacketFu::EthHeader.str2mac(dst))
|
52
|
+
assert_equal(dst, PacketFu::EthHeader.mac2str(dstmac))
|
53
|
+
end
|
52
54
|
|
53
55
|
end
|
54
56
|
|
55
57
|
class EthPacketTest < Test::Unit::TestCase
|
56
|
-
|
58
|
+
include PacketFu
|
57
59
|
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
60
|
+
def test_eth_create
|
61
|
+
sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
|
62
|
+
e = EthPacket.new
|
63
|
+
header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
|
64
|
+
assert_kind_of EthPacket, e
|
65
|
+
assert_kind_of EthHeader, e.headers[0]
|
66
|
+
assert e.is_eth?
|
67
|
+
assert !e.is_tcp?
|
68
|
+
e.eth_dst = "\x00\x03\x2f\x1a\x74\xde"
|
69
|
+
e.eth_src = "\x00\x1b\x11\x51\xb7\xce"
|
70
|
+
e.eth_proto = 0x0800
|
71
|
+
assert_equal header, e.to_s[0,14]
|
72
|
+
end
|
71
73
|
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
74
|
+
def test_eth_new
|
75
|
+
p = EthPacket.new(
|
76
|
+
:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
|
77
|
+
:eth_src => "\x00\x1b\x11\x51\xb7\xce",
|
78
|
+
:eth_proto => 0x0800)
|
79
|
+
header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
|
80
|
+
assert_equal header, p.to_s[0,14]
|
81
|
+
end
|
80
82
|
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
83
|
+
def test_eth_write
|
84
|
+
p = EthPacket.new(
|
85
|
+
:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
|
86
|
+
:eth_src => "\x00\x1b\x11\x51\xb7\xce",
|
87
|
+
:eth_proto => 0x0800)
|
88
|
+
p.to_f('eth_test.pcap')
|
89
|
+
end
|
88
90
|
|
89
91
|
end
|
90
92
|
|
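Review bot: The file I/O in `EthPacketTest` uses bare relative names, so the outcome depends on the directory the suite is started from: `test_eth_create` reads `'sample.pcap'`, and `test_eth_write` writes `'eth_test.pcap'` into the current directory with no assertion and no cleanup. Because test_inject.rb in the same suite insists on root, a full run can leave a root-owned capture file behind wherever it was launched. Resolve the fixture against the test directory, e.g. `File.join(File.dirname(__FILE__), 'sample.pcap')`, write the output under a `Dir.mktmpdir` directory, and assert that the written file exists and is non-empty. `sample_packet` in `test_eth_create` is assigned but never used and can be dropped. The same bare-name fixture loads appear in test_hsrp.rb and test_packet.rb.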
data/test/test_hsrp.rb
CHANGED
@@ -4,16 +4,16 @@ $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
|
|
4
4
|
require 'packetfu'
|
5
5
|
|
6
6
|
class HSRPTest < Test::Unit::TestCase
|
7
|
-
|
7
|
+
include PacketFu
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
9
|
+
def test_hsrp_read
|
10
|
+
sample_packet = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')[0]
|
11
|
+
pkt = Packet.parse(sample_packet)
|
12
|
+
assert pkt.is_hsrp?
|
13
|
+
assert pkt.is_udp?
|
14
|
+
assert_equal(0x2d8d, pkt.udp_sum.to_i)
|
15
|
+
# pkt.to_f('udp_test.pcap','a')
|
16
|
+
end
|
17
17
|
|
18
18
|
end
|
19
19
|
|
data/test/test_inject.rb
CHANGED
@@ -6,24 +6,24 @@ require 'packetfu'
|
|
6
6
|
|
7
7
|
class InjectTest < Test::Unit::TestCase
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
9
|
+
def test_cap
|
10
|
+
assert_nothing_raised { PacketFu::Capture }
|
11
|
+
end
|
12
|
+
|
13
|
+
def test_whoami
|
14
|
+
assert_nothing_raised { PacketFu::Utils.whoami?(:iface => PacketFu::Utils.default_int) }
|
15
|
+
end
|
16
|
+
|
17
|
+
def test_to_w
|
18
|
+
assert_equal(Process.euid, 0, "TEST FAIL: This test must be run as root")
|
19
|
+
conf = PacketFu::Utils.whoami?(:iface => PacketFu::Utils.default_int)
|
20
|
+
p = PacketFu::UDPPacket.new(:config => conf)
|
21
|
+
p.udp_dport = 12345
|
22
|
+
p.udp_sport = 12345
|
23
|
+
p.payload = "PacketFu test packet"
|
24
|
+
p.recalc
|
25
|
+
assert p.to_w
|
26
|
+
end
|
27
27
|
|
28
28
|
end
|
29
29
|
|
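Review bot: `test_to_w` fails the run when it is not root instead of skipping, which nudges people into running the whole suite as root to get a green result, and it puts a real UDP frame on the default interface. If the suite runs on the test-unit gem, guard it with `omit_unless(Process.euid == 0, "needs root to inject")` and keep the privileged test separate so the rest can run unprivileged. The `assert_equal(Process.euid, 0, ...)` arguments are in actual/expected order, so the failure message reads backwards. `test_cap` only evaluates the constant `PacketFu::Capture`, so it checks that the constant is defined and nothing more; a comment such as `# only verifies the constant resolves` would make that explicit.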
data/test/test_invalid.rb
CHANGED
@@ -4,24 +4,24 @@ $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
|
|
4
4
|
require 'packetfu'
|
5
5
|
|
6
6
|
class InvalidTest < Test::Unit::TestCase
|
7
|
-
|
7
|
+
include PacketFu
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
9
|
+
def test_create_invalid
|
10
|
+
p = InvalidPacket.new
|
11
|
+
assert_kind_of InvalidPacket, p
|
12
|
+
assert_kind_of Packet, p
|
13
|
+
assert p.is_invalid?
|
14
|
+
assert_equal false, p.is_eth?
|
15
|
+
assert_not_equal EthPacket, p.class
|
16
|
+
end
|
17
17
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
18
|
+
# Sadly, the only way to generate an "InvalidPacket" is
|
19
|
+
# to read a packet that's less than 14 bytes. Otherwise,
|
20
|
+
# it's presumed to be an EthPacket. TODO: Fix this assumption!
|
21
|
+
def test_parse_invalid
|
22
|
+
p = Packet.parse("A" * 13)
|
23
|
+
assert_kind_of InvalidPacket, p
|
24
|
+
end
|
25
25
|
|
26
26
|
end
|
27
27
|
|
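Review bot: `test_parse_invalid` pins a single short input, 13 bytes of "A", while the comment above it says any read of 14 bytes or more is presumed to be an EthPacket. For a parser that is fed captured traffic, the boundaries are what need recording: add one case for the empty string and one for exactly 14 bytes, so the behaviour on both sides of the threshold is fixed by a test. The hunk does not show whether `Packet.parse("")` returns an InvalidPacket or raises, so assert whichever is intended, for example `assert_kind_of InvalidPacket, Packet.parse("")`.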
data/test/test_octets.rb
CHANGED
@@ -1,33 +1,35 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
|
+
# -*- coding: binary -*-
|
3
|
+
|
2
4
|
require 'test/unit'
|
3
5
|
$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
|
4
6
|
require 'packetfu'
|
5
7
|
|
6
8
|
class OctetsTest < Test::Unit::TestCase
|
7
|
-
|
9
|
+
include PacketFu
|
8
10
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
11
|
+
def test_octets_read
|
12
|
+
o = Octets.new
|
13
|
+
o.read("\x04\x03\x02\x01")
|
14
|
+
assert_equal("4.3.2.1", o.to_x)
|
15
|
+
end
|
14
16
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
17
|
+
def test_octets_read_quad
|
18
|
+
o = Octets.new
|
19
|
+
o.read_quad("1.2.3.4")
|
20
|
+
assert_equal("1.2.3.4", o.to_x)
|
21
|
+
assert_equal("\x01\x02\x03\x04", o.to_s)
|
22
|
+
assert_equal(0x01020304, o.to_i)
|
23
|
+
end
|
22
24
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
25
|
+
def test_octets_single_octet
|
26
|
+
o = Octets.new
|
27
|
+
o.read("ABCD")
|
28
|
+
assert_equal(o.o1, 0x41)
|
29
|
+
assert_equal(o.o2, 0x42)
|
30
|
+
assert_equal(o.o3, 0x43)
|
31
|
+
assert_equal(o.o4, 0x44)
|
32
|
+
end
|
31
33
|
|
32
34
|
end
|
33
35
|
|
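Review bot: `test_octets_read` and `test_octets_read_quad` cover only well-formed input, so nothing pins what `Octets#read_quad` does with a malformed dotted quad or what `read` does with fewer than four bytes. These strings typically come from packets or operator input, so add cases such as `o.read_quad("1.2.3")` and `o.read("\x01")` and assert the intended outcome (an exception or a defined value; which one is not visible here). In `test_octets_single_octet` the `assert_equal` arguments are in actual/expected order; `assert_equal(0x41, o.o1)` gives a correct failure message.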
data/test/test_packet.rb
CHANGED
@@ -1,172 +1,174 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
|
+
# -*- coding: binary -*-
|
3
|
+
|
2
4
|
require 'test/unit'
|
3
5
|
$:.unshift File.expand_path(File.join(File.dirname(__FILE__), "..", "lib"))
|
4
6
|
require 'packetfu'
|
5
7
|
|
6
8
|
class NewPacketTest < Test::Unit::TestCase
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
9
|
+
include PacketFu
|
10
|
+
|
11
|
+
def test_method_missing_and_respond_to
|
12
|
+
p = TCPPacket.new
|
13
|
+
assert p.respond_to?(:ip_len)
|
14
|
+
assert p.ip_len = 20
|
15
|
+
assert !(p.respond_to? :ip_bogus_header)
|
16
|
+
assert_raise NoMethodError do
|
17
|
+
p.bogus_header = 20
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def test_more_method_missing_magic
|
22
|
+
p = UDPPacket.new
|
23
|
+
assert_kind_of(UDPPacket,p)
|
24
|
+
assert p.is_udp?
|
25
|
+
assert p.is_ip?
|
26
|
+
assert p.is_eth?
|
27
|
+
assert_equal(p.ip_hl,5)
|
28
|
+
assert p.layer
|
29
|
+
assert_raise NoMethodError do
|
30
|
+
p.is_blue?
|
31
|
+
end
|
32
|
+
assert_raise NoMethodError do
|
33
|
+
p.tcp_blue
|
34
|
+
end
|
35
|
+
assert_raise NoMethodError do
|
36
|
+
p.udp_blue
|
37
|
+
end
|
38
|
+
assert_raise NoMethodError do
|
39
|
+
p.blue
|
40
|
+
end
|
41
|
+
end
|
40
42
|
end
|
41
43
|
|
42
44
|
class PacketStrippingTest < Test::Unit::TestCase
|
43
45
|
|
44
|
-
|
46
|
+
include PacketFu
|
45
47
|
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
48
|
+
def test_arp_strip
|
49
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
|
50
|
+
p = Packet.parse(pcaps[5], :fix => true) # Really ARP request.
|
51
|
+
assert_kind_of(Packet,p)
|
52
|
+
assert_kind_of(ARPPacket,p)
|
53
|
+
end
|
52
54
|
|
53
55
|
end
|
54
56
|
|
55
57
|
class PacketParsersTest < Test::Unit::TestCase
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
58
|
+
include PacketFu
|
59
|
+
|
60
|
+
def test_parse_eth_packet
|
61
|
+
assert_equal(EthPacket.layer, 1)
|
62
|
+
assert_equal(EthPacket.layer_symbol, :link)
|
63
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
|
64
|
+
p = Packet.parse(pcaps[5]) # Really ARP.
|
65
|
+
assert_kind_of(Packet,p)
|
66
|
+
assert_kind_of(EthHeader, p.headers[0])
|
67
|
+
assert p.is_eth?
|
68
|
+
assert_equal(pcaps[5],p.to_s)
|
69
|
+
end
|
70
|
+
|
71
|
+
def test_parse_arp_request
|
72
|
+
assert_equal(ARPPacket.layer, 2)
|
73
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
|
74
|
+
p = Packet.parse(pcaps[5]) # Really ARP request.
|
75
|
+
assert p.is_eth?
|
76
|
+
assert_kind_of(EthPacket,p)
|
77
|
+
assert_kind_of(ARPPacket,p)
|
78
|
+
assert p.is_arp?
|
79
|
+
assert_equal(p.to_s, pcaps[5])
|
80
|
+
assert_equal(1, p.arp_opcode.to_i)
|
81
|
+
assert_equal("\x00\x01", p.headers.last[:arp_opcode].to_s)
|
82
|
+
end
|
83
|
+
|
84
|
+
def test_parse_arp_reply
|
85
|
+
assert_equal(ARPPacket.layer, 2)
|
86
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
|
87
|
+
p = Packet.parse(pcaps[6]) # Really ARP reply.
|
88
|
+
assert_equal(p.to_s, pcaps[6])
|
89
|
+
assert_equal(2, p.arp_opcode.to_i)
|
90
|
+
assert_equal("\x00\x02", p.headers.last[:arp_opcode].to_s)
|
91
|
+
end
|
92
|
+
|
93
|
+
def test_parse_ip_packet
|
94
|
+
assert_equal(IPPacket.layer, 2)
|
95
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
|
96
|
+
p = Packet.parse(pcaps[0]) # Really DNS request
|
97
|
+
assert_equal(p.to_s[0,20], pcaps[0][0,20])
|
98
|
+
assert_equal(p.to_s, pcaps[0])
|
99
|
+
assert_kind_of(EthPacket,p)
|
100
|
+
assert_kind_of(IPPacket,p)
|
101
|
+
end
|
102
|
+
|
103
|
+
def test_parse_tcp_packet
|
104
|
+
assert_equal(TCPPacket.layer, 3)
|
105
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
|
106
|
+
p = Packet.parse(pcaps[7]) # Really FIN/ACK
|
107
|
+
assert_equal(p.to_s, pcaps[7])
|
108
|
+
assert_kind_of(EthPacket,p)
|
109
|
+
assert_kind_of(IPPacket,p)
|
110
|
+
assert_kind_of(TCPPacket,p)
|
111
|
+
end
|
112
|
+
|
113
|
+
def test_parse_udp_packet
|
114
|
+
assert_equal(UDPPacket.layer, 3)
|
115
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
|
116
|
+
p = Packet.parse(pcaps[0]) # Really DNS request
|
117
|
+
assert_equal(p.to_s, pcaps[0])
|
118
|
+
assert_kind_of(EthPacket,p)
|
119
|
+
assert_kind_of(IPPacket,p)
|
120
|
+
assert_kind_of(UDPPacket,p)
|
121
|
+
end
|
122
|
+
|
123
|
+
def test_parse_icmp_packet
|
124
|
+
assert_equal(ICMPPacket.layer, 3)
|
125
|
+
assert_equal(ICMPPacket.layer_symbol, :transport)
|
126
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
|
127
|
+
p = Packet.parse(pcaps[3]) # Really ICMP reply
|
128
|
+
assert_equal(p.to_s, pcaps[3])
|
129
|
+
assert_kind_of(EthPacket,p)
|
130
|
+
assert_kind_of(IPPacket,p)
|
131
|
+
assert_kind_of(ICMPPacket,p)
|
132
|
+
end
|
133
|
+
|
134
|
+
def test_parse_invalid_packet
|
135
|
+
assert_equal(InvalidPacket.layer, 0)
|
136
|
+
assert_equal(InvalidPacket.layer_symbol, :invalid)
|
137
|
+
p = Packet.parse("\xff\xfe\x00\x01")
|
138
|
+
assert_equal(p.to_s, "\xff\xfe\x00\x01")
|
139
|
+
assert_kind_of(InvalidPacket,p)
|
140
|
+
end
|
141
|
+
|
142
|
+
def test_parse_ipv6_packet
|
143
|
+
assert_equal(IPv6Packet.layer, 2)
|
144
|
+
assert_equal(IPv6Packet.layer_symbol, :internet)
|
145
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample-ipv6.pcap')
|
146
|
+
p = Packet.parse(pcaps[0]) # Really an IPv6 packet
|
147
|
+
assert_equal(p.to_s, pcaps[0])
|
148
|
+
assert_kind_of(EthPacket,p)
|
149
|
+
assert(!p.kind_of?(IPPacket), "Misidentified as an IP Packet!")
|
150
|
+
assert_kind_of(IPv6Packet,p)
|
151
|
+
end
|
152
|
+
|
153
|
+
def test_parse_hsrp_packet
|
154
|
+
assert_equal(HSRPPacket.layer, 4)
|
155
|
+
assert_equal(HSRPPacket.layer_symbol, :application)
|
156
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')
|
157
|
+
p = Packet.parse(pcaps[0]) # Really an HSRP Hello packet
|
158
|
+
assert_equal(p.to_s, pcaps[0])
|
159
|
+
assert_kind_of(EthPacket,p)
|
160
|
+
assert_kind_of(IPPacket,p)
|
161
|
+
assert_kind_of(UDPPacket,p)
|
162
|
+
assert_kind_of(HSRPPacket,p)
|
163
|
+
end
|
164
|
+
|
165
|
+
def test_parse_hsrp_as_udp
|
166
|
+
assert_equal(:application, HSRPPacket.layer_symbol)
|
167
|
+
pcaps = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')
|
168
|
+
p = Packet.parse(pcaps[0], :parse_app => false) # Really an HSRP Hello packet
|
169
|
+
assert_kind_of(UDPPacket,p)
|
170
|
+
assert(!p.kind_of?(HSRPPacket), "Misidentified HSRP packet when we didn't want it!" )
|
171
|
+
end
|
170
172
|
|
171
173
|
end
|
172
174
|
|
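Review bot: In `test_method_missing_and_respond_to`, `assert p.ip_len = 20` asserts on the value of an assignment expression, which is always 20 whatever the setter does, so the line can only fail if the call raises. Split it into `p.ip_len = 20` followed by `assert_equal(20, p.ip_len)` so that the setter and getter are both checked. Several assertions in this file pass the actual value before the expected one (`assert_equal(EthPacket.layer, 1)`, `assert_equal(p.to_s, pcaps[5])`), which makes failure output read backwards; `assert_equal(1, EthPacket.layer)` is the conventional order. `test_parse_invalid_packet` would benefit from a comment such as `# 4 bytes: deliberately shorter than an Ethernet header`.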